August 15, 2024
Above: the 2024 UNC-Intel REU cohort poses for a photo with REU Program Manager Moshe Ikechukwu
The 2024 UNC-Intel Research Experience for Undergraduate Students (REU) brought together 10 students from North Carolina and the northeastern United States to explore research projects in fields related to computer security.
Participants Miguel Alvarado Dorado, Margaret Bailey, Audrey Fuelleman, Archana Goli, Joshua Harrell, Taylor Morris, Tobenna Okoli, Trisha Samavedam, Amisha Wadhwa, and Felicia Zheng spent the summer at UNC-Chapel Hill working on research projects, attending weekly workshops on a wide range of topics, and experiencing everything the Triangle area of Raleigh, Durham, and Chapel Hill has to offer.
Students were guided in their research projects by faculty advisers and graduate student mentors from UNC Computer Science, as well as advisers and career mentors from Intel. Project topics included network traffic classification, deepfake content generation, side-channel attacks, healthcare data obfuscation, and symbolic execution. In addition to undertaking research, the program exposes students to life in both academia and industry and builds connections with researchers that can be leveraged as students continue in their careers. Workshops offered insight into research areas like cryptography and data visualization, as well as skills like professionalism and self-advocacy.
The program ended on July 26 with research presentations by each participating student, which were attended by UNC and Intel mentors.
The UNC-Intel REU began in 2022 with three participating students and has grown each year since. The program costs nothing to participating students, with the students receiving a stipend for the summer and funding for travel to Chapel Hill. Applications for the 2025 program are expected to open in December 2024.
Project Summaries
“Private Synthetic Data Options for Healthcare Records”
Undertaken by Miguel Alvarado Dorado
Advised by Junier Oliva, Yunni Qu, Richard Chow, and Danielle Rager
Healthcare data is critical for good medical decision-making, but patients’ personal information must be protected during data analysis. Alvarado Dorado worked toward developing data-driven decision support systems that aid clinicians in their decision-making without leaking sensitive patient information from trained models or data-collection.
“Rowhammer/RowPress: Replication and Future Directions”
Undertaken by Margaret Bailey
Advised by Andrew Kwong, Yichang Hu, James P. Cavanaugh, and Priya B. Iyer
Bailey reproduced the results of a recent paper on the RowHammer phenomenon in DRAM chips and extended the work to see if it could be improved via a multibanking, self-evicting approach, as was used in a recent paper SledgeHammer, which was authored by Kwong.
“Neural Networks and Program Semantics: A Symbolic Execution Approach”
Undertaken by Audrey Fuelleman and Taylor Morris
Advised by Sridhar Duggirala, Hareesh Khattri, Bruce Monroe, and Jula DeWeese
Deep learning and large-language models have been successful in generating representations for programs that are purely syntactic. That is, given the text of a program together with annotations such as comments and assertions, neural networks are able to compute embeddings of programs. These embeddings are useful in several downstream tasks such as classification, code search, code synthesis, bud detection, and summarization. Fuelleman and Morris sought to improve these neural representations using symbolic and dynamic symbolic execution techniques. The project aimed to integrate the symbolic execution tree together with the program in the representation generation and evaluate this approach for several downstream tasks such as bug detection or code search.
“Detecting Errors in Cryptographic Algorithm Implementations”
Undertaken by Archana Goli
Advised by Danielle Szafir, Fahimeh Rezaei, and Pranavansh Mutyala
Goli’s project focused on developing a visualization tool to aid in understanding and identifying potential vulnerabilities in cryptographic algorithm implementations, specifically the AES-GCM cipher. By combining deep knowledge of hashing algorithms, AES, and common implementation errors, she developed a visualization to represent algorithm structures, display code, and analyze results. She also explored techniques for code parsing to automate the detection of implementation errors.
“Investigating the Queueing Side Channel in Modern Web Browsers”
Undertaken by Joshua Harrell
Advised by Benjamin Berg, Kiavash Satvat, and Brian Delgado
While queueing theory is valuable for optimizing performance among multiple users of the same system, it can potentially be exploited by an attacker to infer the characteristics of other jobs in the system. Harrell learned about queueing theory and investigated the source code of an open-source browser to understand how much information is leaked from one isolated tab to another when processing graphics rendering requests from both tabs.
“Network Traffic Classification”
Undertaken by Tobenna Okoli
Advised by Jasleen Kaur, Paul Choi, Salmin Sultana, and Francisco J. Chinchilla
This project focused on whether the type of access network (ethernet, campus Wi-Fi, public access Wi-Fi, cellular, residential broadband, etc.) used by a client can be estimated by relying on classification of internet traffic generated by the client. Okoli ran a detailed set of controlled experiments to collect large volumes of traffic data using different types of access networks and use supervised deep learning pipelines to evaluate the extent to which the type of access network could be classified using only anonymized TCP/IP headers of the traffic.
“Building a Testing Framework for a Symbolic Execution Engine”
Undertaken by Trisha Samavedam
Advised by Cynthia Sturton, Kaki Ryan, Brian Huffman, and Salina W. Fan-Carman
In this project, Samavedam built a testing framework in Python for regression testing of the Sylvia symbolic execution engine, a hardware verification tool developed by Sturton that evaluates code on symbolic inputs instead of concrete inputs, tracking execution in terms of the symbolic values.
“Understanding Deepfake Generation & Detection”
Undertaken by Amisha Wadhwa
Advised by Roni Sengupta, Andrea Dunn Beltran, Ilke Demir, and Archana Chaudhari
Wadhwa explored state-of-the-art diffusion model-based deepfake content creation algorithms to answer questions like how to differentiate between ‘benign’ and ‘malignant’ editing and whether existing frequency-based techniques can differentiate between ‘benign’ and ‘malignant’ editing or just flag all editing as ‘malignant’.
“Media-Driven Deauthentication for Wi-Fi Modulation”
Undertaken by Felicia Zheng
Advised by Saba Eskandarian, Matthew Gregoire, Daniel Dinu, and Mark Gentry
Zheng built a security demo that could detect when users connected to a Wi-Fi network are watching movies on the WiFi and automatically kick off users who are watching movies. This demonstration showed that WiFi connections may not be as private as we think, even if they’re encrypted. The project involved learning how to use various network security tools and writing scripts to use them together in interesting ways.